is the Linux kernel becoming safer or becoming more vulnerable?
Posted Jul 17, 2008 19:38 UTC (Thu) by zooko
In reply to: Time for a security release?
Parent article: Handling kernel security problems
"To me, this flamewar serves as proof of one thing: the kernel is far less secure than many people imagine."
I'm sure I agree, but this doesn't necessarily mean that the kernel ought to be made more secure. :-) Perhaps it means that people ought to have a lower expectation of its security. To make the kernel more secure would have other costs -- it might have less frequent releases, or support less new hardware, and so on. What I'm hoping for is not necessarily that the kernel development process changes to make the result more secure, but rather that it changes to make its security properties more transparent -- both users and developers.
I'm not entirely sure how to do this -- it is hard to measure. But things that are hard to do are sometimes worth it -- better transparency and measurement can only help. Thanks to PaXTeam, GregKH, and Jon Corbet for their contributions to better transparency and measurement.
So, my current burning question is: do we have reason to believe that the current 2.6.27 candidate has more or fewer exploitable security flaws than 2.6.26? How about 2.6.25? Do we think that 2.6.28, when it comes out is likely to have more or fewer?
As rational, empirical thinkers who are faced with such an empirical question, we can take two complementary approached: measure the result, and we could look at the process and infer what we think would be the result. My humble attempt at the latter approach is here: https://zooko.com/log-2008.html#d2008-07-17-the_Linux_process_for_producing_more_and_more_rare_bugs.
(I don't say so explicitly in that note, but an important consideration is that malicious actors are capable of exploiting flaws which are so rare that they never happen in the non-malicious case. Thus, if it is true that the Linux processes adds more and more rare bugs into the kernel while fixing common bugs, then this implies that it adds more and more security vulnerabilities into the kernel.)
to post comments)